Core Software Security: Security at the Source (Hardcover)

James Ransome, Anmol Misra

Product Description

"... an engaging book that will empower readers in both large and small software development and engineering organizations to build security into their products. ... Readers are armed with firm solutions for the fight against cyber threats."
—Dr. Dena Haritos Tsamitis, Carnegie Mellon University

"... a must read for security specialists, software developers and software engineers. ... should be part of every security professional’s library."
—Dr. Larry Ponemon, Ponemon Institute

"... the definitive how-to guide for software security professionals. Dr. Ransome, Anmol Misra, and Brook Schoenfield deftly outline the procedures and policies needed to integrate real security into the software development process. ... A must-have for anyone on the front lines of the Cyber War ..."
—Cedric Leighton, Colonel, USAF (Ret.), Cedric Leighton Associates

"Dr. Ransome, Anmol Misra, and Brook Schoenfield give you a magic formula in this book: the methodology and process to build security into the entire software development life cycle so that the software is secured at the source!"
—Eric S. Yuan, Zoom Video Communications

There is much publicity regarding network security, but the real cyber Achilles’ heel is insecure software. Millions of software vulnerabilities create a cyber house of cards, in which we conduct our digital lives. In response, security people build ever more elaborate cyber fortresses to protect this vulnerable software. Despite their efforts, cyber fortifications consistently fail to protect our digital treasures. Why? The security industry has failed to engage fully with the creative, innovative people who write software.

Core Software Security expounds developer-centric software security, a holistic process to engage creativity for security. As long as software is developed by humans, it requires the human element to fix it. Developer-centric security is not only feasible but also cost effective and operationally relevant. The methodology builds security into software development, which lies at the heart of our cyber infrastructure. Whatever development method is employed, software must be secured at the source.

Book Highlights:

  • Supplies a practitioner's view of the SDL
  • Considers Agile as a security enabler
  • Covers the privacy elements in an SDL
  • Outlines a holistic business-savvy SDL framework that includes people, process, and technology
  • Highlights the key success factors, deliverables, and metrics for each phase of the SDL
  • Examines cost efficiencies, optimized performance, and organizational structure of a developer-centric software security program and PSIRT
  • Includes a chapter by noted security architect Brook Schoenfield who shares his insights and experiences in applying the book’s SDL framework

View the authors' website at http://www.androidinsecurity.com/
